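# NeuroSploit v3 Environment Variables
# =====================================
# Copy this file to .env and configure your API keys
#
# IMPORTANT: You MUST set at least one LLM API key for the AI agent to work!
#
# Format: one KEY=value per line, comments on their own line starting with "#".
# Do not append a comment after a value; many .env loaders treat it as part of the value.
#
# The resulting .env holds live credentials. Keep it out of version control and
# readable only by the account that runs NeuroSploit. Leave unused keys empty.

# =============================================================================
# LLM API Keys (REQUIRED - at least one must be set)
# =============================================================================
# Get your Claude API key at: https://console.anthropic.com/
ANTHROPIC_API_KEY=

# OpenAI: https://platform.openai.com/api-keys
OPENAI_API_KEY=

# Google Gemini: https://aistudio.google.com/app/apikey
GEMINI_API_KEY=

# OpenRouter (multi-model): https://openrouter.ai/keys
OPENROUTER_API_KEY=

# Together AI: https://api.together.xyz/settings/api-keys
TOGETHER_API_KEY=

# Fireworks AI: https://fireworks.ai/account/api-keys
FIREWORKS_API_KEY=

# Azure OpenAI: https://portal.azure.com/
#AZURE_OPENAI_API_KEY=
#AZURE_OPENAI_ENDPOINT=https://your-resource.openai.azure.com/
#AZURE_OPENAI_API_VERSION=2024-02-01
#AZURE_OPENAI_DEPLOYMENT=gpt-4o

# =============================================================================
# Local LLM (optional - no API key needed)
# =============================================================================
# The base URLs below are plain HTTP on localhost. If you point them at another
# host, requests cross the network unencrypted unless that endpoint adds TLS.
# Ollama: https://ollama.ai
#OLLAMA_BASE_URL=http://localhost:11434

# LM Studio: https://lmstudio.ai
#LMSTUDIO_BASE_URL=http://localhost:1234

# =============================================================================
# LLM Configuration
# =============================================================================
# Max output tokens (up to 64000 for Claude). Comment out for profile defaults.
#MAX_OUTPUT_TOKENS=64000

# Select specific model name (e.g., claude-sonnet-4-20250514, gpt-4o, llama3.2, qwen2.5)
# Leave empty for provider default
#DEFAULT_LLM_MODEL=

# Enable task-type model routing (routes to different LLM profiles per task)
ENABLE_MODEL_ROUTING=false

# =============================================================================
# Feature Flags
# =============================================================================
# Bug bounty dataset cognitive augmentation
ENABLE_KNOWLEDGE_AUGMENTATION=false

# Playwright browser-based validation + screenshot capture
ENABLE_BROWSER_VALIDATION=false

# =============================================================================
# Agent Autonomy (Phase 1-5 modules)
# =============================================================================
# Token budget per scan (limits total LLM tokens). Comment out for unlimited.
# With no budget set, nothing in this file caps per-scan LLM spend.
#TOKEN_BUDGET=100000

# Enable AI reasoning engine (think/plan/reflect at checkpoints)
ENABLE_REASONING=true

# Enable CVE/exploit search (NVD API + GitHub)
# When enabled, the agent makes outbound requests to those services.
ENABLE_CVE_HUNT=true

# NVD API key for higher rate limits: https://nvd.nist.gov/developers/request-an-api-key
#NVD_API_KEY=

# GitHub token for exploit search (optional, increases rate limit)
# It is only described as raising the rate limit, so a token without write or
# private-repository access should be enough (confirm against the project docs).
#GITHUB_TOKEN=

# Enable multi-agent orchestration (replaces default 3-stream architecture)
# WARNING: Experimental - uses specialist agents instead of parallel streams
ENABLE_MULTI_AGENT=false

# Enable AI Researcher agent (0-day discovery with Kali sandbox)
# Requires enable_kali_sandbox=true per scan (frontend checkbox)
ENABLE_RESEARCHER_AI=true

# CLI Agent (AI CLI tools inside Kali sandbox)
# Runs Claude Code / Gemini CLI / Codex CLI inside Kali container as pentest engine
# NOTE(review): CLI_AGENT_MAX_RUNTIME is presumably in seconds (1800 = 30 minutes) - confirm.
#ENABLE_CLI_AGENT=true
#CLI_AGENT_MAX_RUNTIME=1800
#CLI_AGENT_DEFAULT_PROVIDER=claude_code

# Kali sandbox Docker image name
# ":latest" is a mutable tag. If the image is pulled rather than built locally,
# pin a fixed tag or digest so the sandbox contents cannot change unnoticed.
#KALI_SANDBOX_IMAGE=neurosploit-kali:latest

# =============================================================================
# Smart Router (OAuth + API provider routing)
# =============================================================================
# Enable Smart Router for automatic provider failover and CLI OAuth token reuse
# NOTE(review): "CLI OAuth token reuse" suggests the router reads tokens stored by
# locally installed AI CLI tools. Confirm which token stores it reads before enabling.
#ENABLE_SMART_ROUTER=true

# =============================================================================
# RAG System (Retrieval-Augmented Generation)
# =============================================================================
# Enable RAG for semantic search over vuln knowledge, bug bounty data, etc.
ENABLE_RAG=true

# RAG backend: auto (best available), chromadb, tfidf, bm25
RAG_BACKEND=auto

# =============================================================================
# Methodology File (deep injection into agent prompts)
# =============================================================================
# Path to .md methodology file (FASE-based pentest methodology)
# The file content is injected into agent prompts, so it steers what the agent does.
# Point this only at a file you control and that other users cannot modify.
#METHODOLOGY_FILE=/opt/Prompts-PenTest/pentestcompleto_en.md

# =============================================================================
# Vuln Type Agents (per-vuln parallel orchestration)
# =============================================================================
# Enable parallel per-vuln-type specialist agents
ENABLE_VULN_AGENTS=false

# =============================================================================
# Notifications (multi-channel scan alerts)
# =============================================================================
# Webhook URLs and bot/auth tokens below are credentials: whoever holds them can
# post to the channel. Alerts leave this host, so check which finding details
# each third-party channel is allowed to receive.
#ENABLE_NOTIFICATIONS=false
#NOTIFICATION_SEVERITY_FILTER=critical,high

# Discord webhook for scan alerts
#DISCORD_WEBHOOK_URL=

# Telegram bot alerts
#TELEGRAM_BOT_TOKEN=
#TELEGRAM_CHAT_ID=

# WhatsApp/Twilio alerts
#TWILIO_ACCOUNT_SID=
#TWILIO_AUTH_TOKEN=
#TWILIO_FROM_NUMBER=
#TWILIO_TO_NUMBER=

# =============================================================================
# Database (default is SQLite - no config needed)
# =============================================================================
# The path is relative to the working directory. The database presumably holds
# scan results, so restrict access to ./data accordingly.
DATABASE_URL=sqlite+aiosqlite:///./data/neurosploit.db

# =============================================================================
# Server Configuration
# =============================================================================
# HOST=0.0.0.0 listens on every network interface. For a single-user local run
# use 127.0.0.1. If the service must be reachable from other hosts (or runs in a
# container with a published port), restrict who can reach PORT with a firewall
# or an authenticating reverse proxy. This file shows no built-in access control.
HOST=0.0.0.0
PORT=8000

# Keep false outside development. Debug modes commonly expose stack traces and internals.
DEBUG=false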